SIEM Detection Test: Honeypot – FTP Auth Test
Detecting when a honeypot is accessed is important for detecting lateral movement across your environment. We recommend testing your SIEM's honeypot detection to ensure it catches lateral movement, which could originate from both employees and external bad actors.
How to Test Your Honeypot for Lateral Movement via FTP Auth
Prerequisites
- Blumira Sensor is deployed
- Honeypot Module is configured

- Open a CMD Prompt as an Administrator that can communicate with the sensor over port 21
- Type the following:
  - FTP
  - open <ip_address of the sensor>
  - Add in username & password
- Within minutes, a finding (alert) will populate in the responder dashboard in Blumira
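
A scripted equivalent of the manual steps above, as an added example that is not Blumira's own tooling: it makes one FTP login attempt against the sensor and returns the UTC start time and the server's replies so the attempt can be matched to the finding in the dashboard. The function name `ftp_auth_test`, the record fields and the test credentials are assumptions made for this example.

```python
import ftplib
import json
import sys
from datetime import datetime, timezone


def ftp_auth_test(host, user, password, port=21, timeout=10):
    """Make one FTP login attempt and return a record to match against the SIEM finding."""
    record = {
        "started_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "target": f"{host}:{port}",
        "user": user,
        "banner": None,
        "reply": None,
        "outcome": None,
    }
    ftp = ftplib.FTP()
    try:
        # connect() returns the server's welcome line (normally a 220 reply)
        record["banner"] = ftp.connect(host, port, timeout=timeout)
    except ftplib.all_errors as exc:
        # Port 21 not reachable from this host: the test never hit the honeypot
        record["outcome"] = "unreachable"
        record["reply"] = str(exc)
        return record
    try:
        # login() sends USER, then PASS if the server asks for one
        record["reply"] = ftp.login(user, password)
        record["outcome"] = "login_accepted"
    except ftplib.error_perm as exc:
        # 5xx reply, e.g. a rejected login; the attempt was still made
        record["reply"] = str(exc)
        record["outcome"] = "login_rejected"
    except ftplib.all_errors as exc:
        record["reply"] = str(exc)
        record["outcome"] = "error"
    finally:
        ftp.close()
    return record


if __name__ == "__main__":
    # Usage: python ftp_auth_test.py <ip_address of the sensor>
    # Constructed test credentials; they are not real account details.
    result = ftp_auth_test(sys.argv[1], "siem-detection-test", "not-a-real-password")
    print(json.dumps(result, indent=2))
```

An `unreachable` outcome means the prerequisite of reaching the sensor over port 21 was not met, so no finding should be expected from that run.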